Defining and applying an IPv4 ACL


  1. Begin defining an IPv4 ACL named FILTER_TO_HOST_B:
  2. switch(config)# access-list ip FILTER_TO_HOST_B

  3. Add an ACE that denies access from IP address (Host A) to (Host B):
  4. switch(config-acl-ip)# deny any log

  5. Add an ACE that allows access from all other IP addresses:
  6. switch(config-acl-ip)# permit any any any

  7. Exit the ACL definition:
  8. switch(config-acl-ip)# exit

  9. Enter the context of the interface to which you will apply the ACL:
  10. switch(config)# interface 1/1/1

  11. Apply the FILTER_TO_HOST_B ACL to inbound (ingress) traffic:
  12. switch(config-if)# apply access-list ip FILTER_TO_HOST_B in

  13. Show your ACL:
    switch(config-if)# exit switch# show access-list ip FILTER_TO_HOST_B Type Name Sequence Comment Action L3 Protocol Source IP Address Source L4 Port(s) Destination IP Address Destination L4 Port(s) Additional Parameters ------------------------------------------------------------------------------- IPv4 FILTER_TO_HOST_B 10 deny any Logging: enabled Hit-counts: enabled 20 permit any any any -------------------------------------------------------------------------------